Information Security Engineer, MDR/XDR at Root
The Information Security team at Root strives to lower the organization's risk while enabling transformative technologists to do their cutting-edge work. As an Information Security Engineer, you’ll be joining a small team dedicated to securing Root, having a large opportunity to influence how we build and secure these systems.
The ideal candidate brings strong MDR/XDR/SOC experience along with Sumologic query experience. You'll work with various stakeholders to implement/rollout and tune an enterprise MDR/XDR system, having the opportunity to build out playbooks for managing incidents/alerts. This position provides a unique opportunity to work in a rapidly growing, inclusive environment and assist with projects beyond a traditional information security engineer's scope.
What you'll be doing
- Monitor MDR/XDR system console for active alerts and determine priority of response
- Review/diagnose/remediate incoming MDR/XDR alerts and document all identified alerts
- Assist with troubleshooting MDR/XDR tool configurations that may impact production environments and tune MDR/XDR platform as necessary
- Analyze problems at all levels and document findings in accordance with procedures
- Monitor and compile incident reports and perform quality assurance activities
- Review daily log data gathered from various resources such as sensors, audit logs and alert logs
- Manage a problem resolution process from initial reporting to resolution
- Make determinations of the operational impact of a particular threat
- Recommend immediate corrective actions for high priority alerts
- Identify and escalate other priority alerts
- Preserve and forensically analyze artifacts on Windows, Mac, and Linux systems
- Craft queries in MDR/XDR and Sumologic systems to assist in threat detection
What we're looking for
- Experience with Managed Detection & Response software with an understanding of its features and usefulness
- Experience in implementation, tuning and rollout of enterprise MDR/XDR systems
- Experience in Information Security operations & management with hands-on experience using Sumologic or a similar SIEM tool
- Able to create an incident response (IR) plan and IR playbooks, and manage all incidents and crisis situations
- Prior experience in Cyber Forensics is preferred
- Strong knowledge of cyber-attacks and techniques, the Cyber Kill Chain, and incident management best practices
- A high-level understanding of multi-tiered applications and various network and security devices/protocols
- Knowledge of various operating system flavors including but not limited to Windows, Mac and Linux
- Knowledge of cyber-criminal techniques, compliance and regulatory standards
- Strong analytical and investigation skills & active threat hunting and adversary tracking
- Scripting skills (e.g. PowerShell, Bash, Shell scripting)
- Amazon Web Services familiarity
At Root, we judge people based on the merit of their work, not who they are. Very few (if any!) people will fit every description, so if you are passionate about what this role entails, and are excited by solving real problems, we encourage you to apply; we want to learn about you, and what you can add to our team!
Who we are.
Root Insurance is the nation’s first licensed insurance carrier powered entirely by mobile. We were founded on the belief that the services you need for everyday life should serve you better. That’s why we base insurance coverages on you, not your demographic. It’s the way insurance should be. And it’s all conveniently in an app.
What draws people to Root.
We’re a rapidly scaling technology company. Our early success is in large part due to our unwavering standards in hiring. We recognize that our product is only as good as the people building and promoting it. We look for individuals who find solutions by going through the cycle of ideation to implementation with curiosity, rigor, and a highly analytical lens. Ask anyone who works here and you’ll hear similar reasons for why they joined:
Autonomy. For assertive self-starters, the opportunities to contribute are limitless.
Impact. By challenging the way it’s always been done, we solve problems that have a big impact on our business.
Collaboration. We encourage rich discussion and civil debate at every turn.
People. We are inspired by the collection of crazy-smart people around us.